
Set up sendmail to run in send-only mode UNIX
There have been previous hints on this forum regarding activating Sendmail. For instance, this hint, which in turn references the O'Reilly instructions. However, there is one nit I'd like to pick with the O'Reilly instructions. Go to their page and scroll down to where they say:
If you are going to not blame sendmail, then there are two ways in which we can administer this medication. The first is to edit the /System -> Library -> StartupItems -> Sendmail -> Sendmail startup script in order to use the following commands to start up sendmail:
/usr/sbin/sendmail \
  -OdontBlameSendmail=GroupWritableDirPathSafe -bd -q1h
/usr/sbin/sendmail \
  -OdontBlameSendmail=GroupWritableDirPathSafe \
  -C /etc/mail/submit.cf -q1h
This does a pretty good job. However, some of the other commands...
OK, here's the nit to pick: if you are activating sendmail merely to send outgoing email via the mail command, and are not accepting incoming email from another mail server, then do not start sendmail with the -bd flag. That flag launches sendmail as a daemon listening on port 25. Bad mojo if you are running a vulnerable version of sendmail. Instead, launch it with this:
/usr/sbin/sendmail -q1h
All this does is launch the daemon and clear the mail queue every hour. You should still be able to use the mail command to send email. To make this change, edit the file /System -> Library -> StartupItems -> Sendmail -> Sendmail. Go to line 23 and change:

/usr/sbin/sendmail -bd -q1h to /usr/sbin/sendmail -q1h.

This will create a more secure use of sendmail if all you want to do is use the mail command to send system cron alerts and such.

Set up sendmail to run in send-only mode
Authored by: professor on May 27, '03 01:44:30PM

Or firewall inbound traffic on Port 25.

You do have the firewall enabled, don't you?



Set up sendmail to run in send-only mode
Authored by: macubergeek on Jun 05, '03 10:04:17AM

No, my setup won't accept incoming mail... it's only for outbound mail, so I can use the mail command without exposing port 25 on my box.



Set up sendmail to run in send-only mode
Authored by: agamemnon on May 27, '03 06:59:14PM

There is another way to do this... set up sendmail to only listen on 127.0.0.1 (loopback IP)... then you can still send mail locally, but others can't connect to you. The best of both worlds!

You need to add the following to the .mc file you are using to generate sendmail.cf:

FEATURE(`no_default_msa')dnl
DAEMON_OPTIONS(`Family=inet, address=127.0.0.1, Name=MTA')dnl
DAEMON_OPTIONS(`Family=inet, address=127.0.0.1, Port=587, Name=MSA, M=E')dnl
CLIENT_OPTIONS(`Family=inet, Address=0.0.0.0')dnl

This sets up sendmail to listen on loopback ONLY, for both mail (250) and submit (587).

Also, comment out the line:

/usr/sbin/sendmail -C /etc/mail/submit.cf -q1h

in your /System/Library/StartupItems/Sendmail/Sendmail startup script.

Stop all running sendmail processes & restart, everything will work great!

>> Thanks to OpenBSD's openbsd-localhost.mc for how to set this up. <<



Set up sendmail to run in send-only mode
Authored by: agamemnon on May 27, '03 08:24:16PM

Grr. That should be port 25 for mail, not 250.



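Added example (not part of the original hint or of any comment): a way to confirm the outcome of either approach above, dropping -bd as in the hint or binding to 127.0.0.1 as in the comment. The function name smtp_exposure is hypothetical and the sample netstat lines are constructed; accepting the Linux "addr:port" layout as well as the BSD "addr.port" layout goes beyond what the page covers.

```shell
#!/bin/sh
# Added example: classify SMTP listeners found in `netstat -an` output.
# smtp_exposure is a hypothetical helper name, not part of sendmail or Mac OS X.
# Reads netstat output on stdin and prints one of:
#   exposed        port 25/587 is listening on a non-loopback address (-bd default)
#   loopback-only  listeners exist, but only on 127.0.0.1 / ::1
#   none           no listener at all (queue runner started with -q1h only)
smtp_exposure() {
    awk '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            addr = $4
            # The port follows the last "." (BSD layout) or ":" (Linux layout).
            n = split(addr, parts, /[.:]/)
            port = parts[n]
            if (port != "25" && port != "587") next
            host = substr(addr, 1, length(addr) - length(port) - 1)
            if (host == "127.0.0.1" || host == "::1") loopback++
            else exposed++
        }
        END {
            if (exposed)       print "exposed"
            else if (loopback) print "loopback-only"
            else               print "none"
        }
    '
}

# Constructed sample lines in BSD netstat layout (not captured from a real host).
sample_with_bd='tcp4  0  0  *.25   *.*  LISTEN
tcp4  0  0  *.631  *.*  LISTEN'

# Outbound delivery to a remote port 25 is not a listener and must not count.
sample_queue_only='tcp4  0  0  192.0.2.10.49152  198.51.100.7.25  ESTABLISHED
tcp4  0  0  *.631  *.*  LISTEN'

sample_loopback='tcp4  0  0  127.0.0.1.25   *.*  LISTEN
tcp4  0  0  127.0.0.1.587  *.*  LISTEN'

printf 'sendmail -bd -q1h : %s\n' "$(printf '%s\n' "$sample_with_bd" | smtp_exposure)"
printf 'sendmail -q1h     : %s\n' "$(printf '%s\n' "$sample_queue_only" | smtp_exposure)"
printf 'loopback .mc      : %s\n' "$(printf '%s\n' "$sample_loopback" | smtp_exposure)"
```

On a live system, feed it real data with `netstat -an | smtp_exposure` after restarting sendmail.
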
Set up sendmail to run in send-only mode
Authored by: gvaughn on May 28, '03 12:36:37AM

Can you briefly explain what that line in /System/Library/StartupItems/Sendmail/Sendmail is supposed to do? It seems strange to me to have two invocations of sendmail in that startup script anyway, but I'm new to all this.


